Secure identification of intranet network
First Claim
1. A method performed on a particular computing device that includes at least one processor and memory and that is coupled to a network, the method comprising:
- determining, by the particular computing device in communication with a domain controller coupled to the network, first information indicating whether or not the particular computing device is currently joined to a domain of the network that is controlled by the domain controller;
- determining, by the particular computing device in communication with the domain controller coupled to the network and based on the first information indicating that the particular computing device is currently joined to the domain, second information indicating whether or not the particular computing device is currently authenticated by the domain controller;
- determining, by the particular computing device in communication with the domain controller coupled to the network and based on the second information indicating that the particular computing device is not currently authenticated by the domain controller of the domain, whether or not the particular computing device was previously authenticated by the domain controller;
- generating, by the particular computing device, a unique identifier of the network based on:
  - at least one high-entropy property of the network; and
  - at least one of the first information, the second information, or the third information; and
- providing, by the particular computing device, the generated unique identifier of the network to a component on the particular computing device.
Abstract
A method is provided for network identification based on high entropy data on a network which are not easily guessed or obtained outside the network, which can prevent an attacker from “spoofing” the network. A component in a client computer connected to a network may obtain over the network a network data block including device identification information of a device controlling the network. Upon parsing the network data block, such high entropy data as unique device identifiers may be obtained from the device identification information. Depending on availability of the unique device identifiers and authentication history of the client computer, different combinations of the unique device identifiers and/or other identification information may be used to generate a unique network identifier such as a network signature. The component may provide the network signature to applications within the client computer.
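The decision order the abstract and claims describe (joined? then authenticated now? then authenticated before?), as an added Python example that is not code from the patent; the data block fields, the tag strings and the SHA-256 construction are assumptions of this illustration.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class NetworkDataBlock:
    """Constructed stand-in for the data block a client reads from the
    device controlling the network (the domain controller in the claims)."""
    domain_name: str             # low entropy: public and trivially copied
    gateway_mac: str             # other identification information
    dc_unique_id: Optional[str]  # high-entropy device identifier, if obtainable

@dataclass(frozen=True)
class ClientState:
    """The first, second and third information of claim 1."""
    domain_joined: bool             # first information
    currently_authenticated: bool   # second information
    previously_authenticated: bool  # third information

def select_inputs(block: NetworkDataBlock, state: ClientState) -> Tuple[str, ...]:
    """Choose which identification data feed the signature, following the
    order of checks in the claims: joined -> authenticated now -> before."""
    if not state.domain_joined:
        return ("not-joined", block.domain_name, block.gateway_mac)
    if state.currently_authenticated and block.dc_unique_id:
        return ("joined-authenticated", block.dc_unique_id)
    if state.previously_authenticated and block.dc_unique_id:
        return ("joined-previously-authenticated", block.dc_unique_id)
    # Joined but never authenticated, or no unique identifier obtainable:
    # only low-entropy data remain, so the signature differs from the trusted one.
    return ("joined-unverified", block.domain_name, block.gateway_mac)

def network_signature(block: NetworkDataBlock, state: ClientState) -> str:
    """Derive the network signature handed to the consuming component.
    Length-prefixing each field keeps distinct input lists from colliding."""
    encoded = b"".join(
        len(p).to_bytes(2, "big") + p.encode() for p in select_inputs(block, state)
    )
    return hashlib.sha256(encoded).hexdigest()

if __name__ == "__main__":
    # Constructed sample values: the spoofed network copies everything that is
    # public but cannot supply the controller's high-entropy identifier.
    corp = NetworkDataBlock("corp.example", "00:11:22:33:44:55", "constructed-dc-id-4f9c")
    spoof = NetworkDataBlock("corp.example", "00:11:22:33:44:55", None)
    print(network_signature(corp, ClientState(True, True, True)))
    print(network_signature(spoof, ClientState(True, False, False)))
```

A consuming component (a firewall profile selector, for instance) that keys its trusted-intranet decision on the signature will see the copied domain name and gateway alone produce a different value.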
Claims (20 in total)
8. At least one computer storage device comprising:
- memory that comprises computer-executable instructions that, based on execution by a particular computing device, configure the particular computing device to:
  - determine, in communication with a domain controller coupled to the network, first information indicating whether or not the particular computing device is currently joined to a domain of the network that is controlled by the domain controller;
  - determine, in communication with the domain controller coupled to the network and based on the first information indicating that the particular computing device is currently joined to the domain, second information indicating whether or not the particular computing device is currently authenticated by a domain controller;
  - determine, in communication with the domain controller coupled to the network and based on the second information indicating that the particular computing device is not currently authenticated by the domain controller of the domain, whether or not the particular computing device was previously authenticated by the domain controller;
  - generate a unique identifier of the network based on:
    - at least one high-entropy property of the network; and
    - at least one of the first information, the second information, or the third information; and
  - provide the generated unique identifier of the network to a component on the particular computing device.

(Dependent claims 9 to 14 not reproduced.)
15. A system comprising:
- a particular computing device that includes at least one processor and memory;
- the particular computing device configured to determine, in communication with a domain controller coupled to the network, first information indicating whether or not the particular computing device is currently joined to a domain of the network that is controlled by the domain controller;
- the particular computing device configured to determine, in communication with the domain controller coupled to the network and based on the first information indicating that the particular computing device is currently joined to the domain, second information indicating whether or not the particular computing device is currently authenticated by the domain controller;
- the particular computing device configured to determine, in communication with the domain controller coupled to the network and based on the second information indicating that the particular computing device is not currently authenticated by the domain controller of the domain, whether or not the particular computing device was previously authenticated by the domain controller;
- a network location awareness component configured to generate a unique identifier of the network based on:
  - at least one high-entropy property of the network; and
  - at least one of the first information, the second information, or the third information; and
- the particular computing device configured to provide the generated unique identifier of the network to a component on the particular computing device.

(Dependent claims 16 to 20 not reproduced.)